IP 10.0.1.128:6667 Probing

Discussion in 'Windows Desktop Systems' started by lieb39, Sep 8, 2003.

  1. lieb39

    lieb39 Apple lover, PC User

    Messages:
    526
    Location:
    Australia
    10.0.1.128:6667

    Hello everyone,

    It seems that something on my desktop computer is trying to connect to the computer 10.0.1.128 on port 6667. I do not have any IRC programs running, (I know that this is a IRC port)

    Any infomation? I think it might be a trojan.

    -lieb39
     
  2. Enyo

    Enyo Moderator

    Messages:
    1,338
    Its trying to connect to a system a none-routeable internal IP :confused:

    Probably a trojan or a worm.

    Download active ports:

    http://www.protect-me.com/freeware.html

    Identify the process that is trying to connect.

    Find the exe, ZIP the exe up and send it to me, ill identify it.

    And finally rename the exe to say exe.virus until we know what is it.
     
  3. lieb39

    lieb39 Apple lover, PC User

    Messages:
    526
    Location:
    Australia
    System32.exe, located in c:\windows\system32\system32.exe

    Attached.

    WARNING! DO NOT DOWNLOAD, MAY BE A VIRUS. ONLY FOR ENYO!
     
  4. Enyo

    Enyo Moderator

    Messages:
    1,338
  5. lieb39

    lieb39 Apple lover, PC User

    Messages:
    526
    Location:
    Australia
    Wow, that was fast. Thanks.
     
  6. Enyo

    Enyo Moderator

    Messages:
    1,338
    No problem. Is it time to invest in a better AV? :)
     
  7. lieb39

    lieb39 Apple lover, PC User

    Messages:
    526
    Location:
    Australia
    I actually have Norton Antivirus, I just don't run scans haha. I'm not sure how this one got through, probaly because Norton isn't all the time, it slows down my gaming haha.

    Thanks,

    -lieb39
     
  8. Enyo

    Enyo Moderator

    Messages:
    1,338
    heh :D Okay. Keep that AV running lieb39! Or get one that does not take as much resources up (AVG) :)
     
  9. lieb39

    lieb39 Apple lover, PC User

    Messages:
    526
    Location:
    Australia
    I guess I should. "Meh"